CVE-2025-11598
LOW
mObywatel < 4.71.0 - Unauthorized Personal Information Exposure via App Switcher
In the mObywatel iOS application, an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended (reopening the app would require the user to log in). The data exposed depends on the last application view displayed before the application was minimized. This issue was fixed in version 4.71.0.
References (2)
Core References
Various Sources product
https://info.mobywatel.gov.pl/
Various Sources third-party-advisory
https://cert.pl/posts/2026/02/CVE-2025-11598
Scores
CVSS v4
1.0
EPSS
0.0015
EPSS Percentile
4.6%
CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-359
Status
published
Products (1)
Centralny Ośrodek Informatyki/mObywatel
< 4.71.0
Published
Feb 03, 2026
Tracked Since
Feb 18, 2026